Last week, I noted that Adobe was planning to release security updates for its Acrobat and Reader products today, for the Windows and Mac OS X platforms (an update for the UNIX/Linux version is scheduled for the week of February 28). Adobe did release those updates today; it also released a security bulletin for its Flash Player, along with a new version, 10.2.152.27.
The Flash Player update addresses 13 different security vulnerabilities, some rated Critical; the vulnerabilities are present in Flash Player versions 10.1.102.64 and earlier. Further details are given in the Adobe Product Security Bulletin [APSB11-02]. The new version is available for all platforms (Mac OS X, Windows, and UNIX/Linux) from the Flash Player download page. Windows users can, alternatively, use the update mechanism built into the player. Because the Flash Player is widely installed across multiple platforms, it is an attractive target for the Bad Guys. I encourage you to update your systems as soon as you can.
The patches for Acrobat and Reader address 29 security vulnerabilities; some of these are also Critical. The affected software versions are:
- Adobe Reader X (10.0) and for Windows and Macintosh
- Adobe Reader 9.4.1 and earlier versions for Windows, Macintosh and UNIX
- Adobe Acrobat X (10.0) and earlier versions for Windows and Macintosh
Details of the fixes are given in the Adobe Product Security Bulletin [APSB11-03]. At present, updates are available for the Windows and Mac OS X platforms; Adobe says the update for UNIX/Linux versions will be available the week of February 28. You can obtain the new version of Reader by using the built-in update mechanism (Help / Check for Updates); alternatively, you can download the necessary updates from these pages:
Acrobat users can also use that product’s built-in update mechanism; the Security Bulletin [APSB11-03] contains direct download links for the updates.
The Acrobat and Reader updates also include the security update for their built-in Flash player capability.